我尝试sshfs挂载远程目录,但挂载的文件不可写。我已经没有足够的想法或方法来调试它了。我应该在远程服务器上检查什么吗?
我正在使用Xubuntu 14.04。我安装了14.04 Ubuntu的远程目录。
local $ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty
我改变了/etc/fuse.conf
local $ sudo cat /etc/fuse.conf
# /etc/fuse.conf - Configuration file for Filesystem in Userspace (FUSE)
# Set the maximum number of FUSE mounts allowed to non-root users.
# The default is 1000.
#mount_max = 1000
# Allow non-root users to specify the allow_other or allow_root mount options.
user_allow_other
我的用户在保险丝组中
local $ sudo grep fuse /etc/group
fuse:x:105:MY_LOACL_USERNAME
我用(尝试使用/不使用sudo,default_permissions,allow_other的组合)挂载远程目录:
local $sudo sshfs -o allow_other,default_permissions -o IdentityFile=/path/to/ssh_key REMOTE_USERNAME@REMOTE_HOST:/remote/dir/path/ /mnt/LOCAL_DIR_NAME/
在REMOTE_USERNAME具有写权限目录/文件(在远程服务器上)。
我在没有sudo,default_permissions的情况下尝试了上述命令,在所有情况下,我都得到了:
local $ ls -al /mnt/LOCAL_DIR_NAME/a_file
-rw-rw-r-- 1 699 699 1513 Aug 12 16:08 /mnt/LOCAL_DIR_NAME/a_file
local $ test -w /mnt/LOCAL_DIR_NAME/a_file && echo "Writable" || echo "Not Writable"
Not Writable
回应user3188445的评论:
$ whoami
LOCAL_USER
$ cd
$ mkdir test_mnt
$ sshfs -o allow_other,default_permissions -o IdentityFile=/path/to/ssh_key REMOTE_USERNAME@REMOTE_HOST:/remote/dir/path/ test_mnt/
$ ls test_mnt/
I see the contents of the dir correctly
$ ls -al test_mnt/
total 216
drwxr-xr-x 1 699 699 4096 Aug 12 16:42 .
drwxr----- 58 LOCAL_USER LOCAL_USER 4096 Aug 17 15:46 ..
-rw-r--r-- 1 699 699 2557 Jul 30 16:48 sample_file
drwxr-xr-x 1 699 699 4096 Aug 11 17:25 sample_dir
$ touch test_mnt/new_file
touch: cannot touch ‘test_mnt/new_file’: Permission denied
# extra info: SSH to the remote host and check file permissions
$ ssh REMOTE_USERNAME@REMOTE_HOST
# on remote host
$ ls -al /remote/dir/path/
lrwxrwxrwx 1 root root 18 Jul 30 13:48 /remote/dir/path/ -> /srv/path/path/path/
$ cd /remote/dir/path/
$ ls -al
total 216
drwxr-xr-x 26 REMOTE_USERNAME REMOTE_USERNAME 4096 Aug 12 13:42 .
drwxr-xr-x 4 root root 4096 Jul 30 14:37 ..
-rw-r--r-- 1 REMOTE_USERNAME REMOTE_USERNAME 2557 Jul 30 13:48 sample_file
drwxr-xr-x 2 REMOTE_USERNAME REMOTE_USERNAME 4096 Aug 11 14:25 sample_dir
这个问题在linux邮件列表中得到了回答; 为了完整起见,我在此处发布了翻译后的答案。
解决方案是不要同时使用选项default_permissions和allow_other(我在原始实验中没有尝试过)。
这个问题似乎很简单。当您default_permissions在fusermount中提供选项时,保险丝对保险丝座的许可控制是由内核而不是通过fuse处理的。这意味着REMOTE_USER的uid / gid没有映射到LOCAL_USER(sshfs.c IDMAP_NONE)。它的工作方式与没有映射的简单nfs fs相同。
因此,如果uid / gid数字不匹配,则禁止访问是有意义的。
如果您有此选项,allow_other则该目录只能由本地用户使用uid 699写入(如果存在)。
从保险丝的人:
'default_permissions'
By default FUSE doesn't check file access permissions, the
filesystem is free to implement its access policy or leave it to
the underlying file access mechanism (e.g. in case of network
filesystems). This option enables permission checking, restricting
access based on file mode. It is usually useful together with the
'allow_other' mount option.
'allow_other'
This option overrides the security measure restricting file access
to the user mounting the filesystem. This option is by default only
allowed to root, but this restriction can be removed with a
(userspace) configuration option.
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句